CVE-2019-3640 MEDIUM

CVE-2019-3640: Data Loss Prevention - Unprotected Transport of Credentials

Vendor Mcafee
Product Data Loss Prevention
Published November 14, 2019
Last update August 4, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Unprotected Transport of Credentials in ePO extension in McAfee Data Loss Prevention 11.x prior to 11.4.0 allows remote attackers with access to the network to collect login details to the LDAP server via the ePO extension not using a secure connection when testing LDAP connectivity.

Key dates

02Disclosure timeline

November 14, 2019 CVE published
August 4, 2024 Record updated